Are you in my blocklist?

Is your IP address in my WordPress .htaccess block list? Here are IP addresses I block manually because of comment spamming.

Recently, Jeff Starr wrote about blocking IP addresses posting random string comment spam. That post reminded me about my own older post about blocking WordPress comment spammers manually. With just a few manual steps, you create your own little blocklist for WordPress in either a .htaccess or web.config file. Here are the IP addresses I’m currently blocking. Note, this list can get long (loooonnggg).

$ grep -c 'Require not ip' .htaccess

That’s 313 unique IP addresses posting spam comments here on Sysadmins of the North. Consider this a public pillory. Unlike Jeff, I do remove the comments, so there are no samples saved. I have database backups available, so it’s easily restored. Those 313 was initial, I’m now at 1375.

Read how to restore single MySQL table from a full mysqldump backup file.

Without further ado, here’s the list (tip, use grep 'Require not ip' .htaccess | cut -d " " -f 4 | sort -n | uniq):

Here is how to properly block the IP addresses in .htaccess files.

Next step is to lookup netblocks for those IP addresses, to make the list of IP’s smaller and block entire networks. If you use my Bash script to check an IP address blacklist status you can quickly verify whether an IP address is already listed in Project Honey Pot, for example:

$ for ip in $(cat blocked_ips.txt);
  do ./ $ip;

Explanation about the result addresses is in Project Honey Pot’s Http:BL API Specification. Because you have to keep an eye out for the size of your .htaccess file (the larger the slower), it’s beter to use a (semi) commercial solution like Project Honey Pot, Stop Forum Spam, or perhaps even Imunify 360. All in cooperation with ModSecurity of course.

Happy hunting!

Update: I stopped updating this post because the list of blocked IP addresses was getting too large :)

buy me a coffee
buy me a coffee

Leave a Comment